build: Release #8748
Merged
build: Release #8748
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# [6.1.0-alpha.9](parse-community/parse-server@6.1.0-alpha.8...6.1.0-alpha.9) (2023-05-09) ### Features * Add option to change the log level of logs emitted by Cloud Functions ([parse-community#8530](parse-community#8530)) ([2caea31](parse-community@2caea31))
# [6.1.0-alpha.10](parse-community/parse-server@6.1.0-alpha.9...6.1.0-alpha.10) (2023-05-12) ### Bug Fixes * Cloud Code Trigger `afterSave` executes even if not set ([parse-community#8520](parse-community#8520)) ([afd0515](parse-community@afd0515))
# [6.1.0-alpha.11](parse-community/parse-server@6.1.0-alpha.10...6.1.0-alpha.11) (2023-05-17) ### Features * `extendSessionOnUse` to automatically renew Parse Sessions ([parse-community#8505](parse-community#8505)) ([6f885d3](parse-community@6f885d3))
# [6.1.0-alpha.12](parse-community/parse-server@6.1.0-alpha.11...6.1.0-alpha.12) (2023-05-19) ### Bug Fixes * GridFS file storage doesn't work with certain `enableSchemaHooks` settings ([parse-community#8467](parse-community#8467)) ([d4cda4b](parse-community@d4cda4b))
…restrict file upload by file extension (parse-community#8539)
# [6.1.0-alpha.13](parse-community/parse-server@6.1.0-alpha.12...6.1.0-alpha.13) (2023-05-25) ### Bug Fixes * Rate limit feature is incompatible with Node 14 ([parse-community#8578](parse-community#8578)) ([f911f2c](parse-community@f911f2c))
# [6.1.0-alpha.14](parse-community/parse-server@6.1.0-alpha.13...6.1.0-alpha.14) (2023-05-27) ### Bug Fixes * Unnecessary log entries by `extendSessionOnUse` ([parse-community#8562](parse-community#8562)) ([fd6a007](parse-community@fd6a007)) ### Features * Allow `Parse.Object` pointers in Cloud Code arguments ([parse-community#8490](parse-community#8490)) ([28aeda3](parse-community@28aeda3))
# [6.1.0-alpha.15](parse-community/parse-server@6.1.0-alpha.14...6.1.0-alpha.15) (2023-05-28) ### Bug Fixes * Inaccurate table total row count for PostgreSQL ([parse-community#8511](parse-community#8511)) ([0823a02](parse-community@0823a02))
This reverts commit 0823a02.
…to prevent returning a user without session token on sign-up with unverified email address (parse-community#8451)
# [6.1.0-alpha.17](parse-community/parse-server@6.1.0-alpha.16...6.1.0-alpha.17) (2023-06-07) ### Features * Add new Parse Server option `preventSignupWithUnverifiedEmail` to prevent returning a user without session token on sign-up with unverified email address ([parse-community#8451](parse-community#8451)) ([82da308](parse-community@82da308))
# [6.1.0-alpha.18](parse-community/parse-server@6.1.0-alpha.17...6.1.0-alpha.18) (2023-06-08) ### Features * Add support for `$eq` query constraint in LiveQuery ([parse-community#8614](parse-community#8614)) ([656d673](parse-community@656d673))
# [6.1.0-alpha.19](parse-community/parse-server@6.1.0-alpha.18...6.1.0-alpha.19) (2023-06-08) ### Bug Fixes * LiveQuery server is not shut down properly when `handleShutdown` is called ([parse-community#8491](parse-community#8491)) ([967700b](parse-community@967700b))
# [6.1.0-alpha.20](parse-community/parse-server@6.1.0-alpha.19...6.1.0-alpha.20) (2023-06-09) ### Features * Add zones for rate limiting by `ip`, `user`, `session`, `global` ([parse-community#8508](parse-community#8508)) ([03fba97](parse-community@03fba97))
commit 1506273 Author: semantic-release-bot <[email protected]> Date: Sat May 20 23:24:03 2023 +0000 chore(release): 6.2.0 [skip ci] # [6.2.0](parse-community/parse-server@6.1.0...6.2.0) (2023-05-20) ### Features * Add new Parse Server option `fileUpload.fileExtensions` to restrict file upload by file extension; this fixes a security vulnerability in which a phishing attack could be performed using an uploaded HTML file; by default the new option only allows file extensions matching the regex pattern `^[^hH][^tT][^mM][^lL]?$`, which excludes HTML files; if your app currently depends on uploading files with HTML file extensions then this may be a breaking change and you could allow HTML file upload by setting the option to `['.*']` ([parse-community#8538](parse-community#8538)) ([a318e7b](parse-community@a318e7b)) commit a318e7b Author: Manuel <[email protected]> Date: Sun May 21 01:23:00 2023 +0200 feat: Add new Parse Server option `fileUpload.fileExtensions` to restrict file upload by file extension; this fixes a security vulnerability in which a phishing attack could be performed using an uploaded HTML file; by default the new option only allows file extensions matching the regex pattern `^[^hH][^tT][^mM][^lL]?$`, which excludes HTML files; if your app currently depends on uploading files with HTML file extensions then this may be a breaking change and you could allow HTML file upload by setting the option to `['.*']` (parse-community#8538) commit 832702d Author: semantic-release-bot <[email protected]> Date: Mon May 1 21:50:23 2023 +0000 chore(release): 6.1.0 [skip ci] # [6.1.0](parse-community/parse-server@6.0.0...6.1.0) (2023-05-01) ### Bug Fixes * LiveQuery can return incorrectly formatted date ([parse-community#8456](parse-community#8456)) ([4ce135a](parse-community@4ce135a)) * Nested date is incorrectly decoded as empty object `{}` when fetching a Parse Object ([parse-community#8446](parse-community#8446)) ([22d2446](parse-community@22d2446)) * Parameters missing in `afterFind` trigger of authentication adapters ([parse-community#8458](parse-community#8458)) ([ce34747](parse-community@ce34747)) * Rate limiting across multiple servers via Redis not working ([parse-community#8469](parse-community#8469)) ([d9e347d](parse-community@d9e347d)) * Security upgrade jsonwebtoken to 9.0.0 ([parse-community#8420](parse-community#8420)) ([f5bfe45](parse-community@f5bfe45)) ### Features * Add `afterFind` trigger to authentication adapters ([parse-community#8444](parse-community#8444)) ([c793bb8](parse-community@c793bb8)) * Add option `schemaCacheTtl` for schema cache pulling as alternative to `enableSchemaHooks` ([parse-community#8436](parse-community#8436)) ([b3b76de](parse-community@b3b76de)) * Add Parse Server option `resetPasswordSuccessOnInvalidEmail` to choose success or error response on password reset with invalid email ([parse-community#7551](parse-community#7551)) ([e5d610e](parse-community@e5d610e)) * Add rate limiting across multiple servers via Redis ([parse-community#8394](parse-community#8394)) ([34833e4](parse-community@34833e4)) * Allow multiple origins for header `Access-Control-Allow-Origin` ([parse-community#8517](parse-community#8517)) ([4f15539](parse-community@4f15539)) * Deprecate LiveQuery `fields` option in favor of `keys` for semantic consistency ([parse-community#8388](parse-community#8388)) ([a49e323](parse-community@a49e323)) * Export `AuthAdapter` to make it available for extension with custom authentication adapters ([parse-community#8443](parse-community#8443)) ([40c1961](parse-community@40c1961)) commit 18b63d1 Merge: f7eee19 f59d46c Author: Manuel <[email protected]> Date: Mon May 1 23:49:22 2023 +0200 build: Release (parse-community#8526)
# [6.3.0-beta.1](parse-community/parse-server@6.2.0...6.3.0-beta.1) (2023-06-10) ### Bug Fixes * Cloud Code Trigger `afterSave` executes even if not set ([parse-community#8520](parse-community#8520)) ([afd0515](parse-community@afd0515)) * GridFS file storage doesn't work with certain `enableSchemaHooks` settings ([parse-community#8467](parse-community#8467)) ([d4cda4b](parse-community@d4cda4b)) * Inaccurate table total row count for PostgreSQL ([parse-community#8511](parse-community#8511)) ([0823a02](parse-community@0823a02)) * LiveQuery server is not shut down properly when `handleShutdown` is called ([parse-community#8491](parse-community#8491)) ([967700b](parse-community@967700b)) * Rate limit feature is incompatible with Node 14 ([parse-community#8578](parse-community#8578)) ([f911f2c](parse-community@f911f2c)) * Unnecessary log entries by `extendSessionOnUse` ([parse-community#8562](parse-community#8562)) ([fd6a007](parse-community@fd6a007)) ### Features * `extendSessionOnUse` to automatically renew Parse Sessions ([parse-community#8505](parse-community#8505)) ([6f885d3](parse-community@6f885d3)) * Add new Parse Server option `preventSignupWithUnverifiedEmail` to prevent returning a user without session token on sign-up with unverified email address ([parse-community#8451](parse-community#8451)) ([82da308](parse-community@82da308)) * Add option to change the log level of logs emitted by Cloud Functions ([parse-community#8530](parse-community#8530)) ([2caea31](parse-community@2caea31)) * Add support for `$eq` query constraint in LiveQuery ([parse-community#8614](parse-community#8614)) ([656d673](parse-community@656d673)) * Add zones for rate limiting by `ip`, `user`, `session`, `global` ([parse-community#8508](parse-community#8508)) ([03fba97](parse-community@03fba97)) * Allow `Parse.Object` pointers in Cloud Code arguments ([parse-community#8490](parse-community#8490)) ([28aeda3](parse-community@28aeda3)) ### Reverts * fix: Inaccurate table total row count for PostgreSQL ([6722110](parse-community@6722110))
…type pollution; fixes security vulnerability [GHSA-462x-c3jw-7vr6](GHSA-462x-c3jw-7vr6) (parse-community#8677)
…s and circumvent `beforeFind` query trigger (parse-community#8734)
|
I will reformat the title to use the proper commit message syntax. |
Thanks for opening this pull request!
|
* release: chore(release): 6.2.2 [skip ci] fix: Parse Pointer allows to access internal Parse Server classes and circumvent `beforeFind` query trigger; fixes security vulnerability [GHSA-fcv6-fg5r-jm9q](GHSA-fcv6-fg5r-jm9q) chore(release): 6.2.1 [skip ci] fix: Remote code execution via MongoDB BSON parser through prototype pollution; fixes security vulnerability [GHSA-462x-c3jw-7vr6](GHSA-462x-c3jw-7vr6) (parse-community#8674)
Codecov ReportPatch coverage:
Additional details and impacted files@@ Coverage Diff @@
## release #8748 +/- ##
===========================================
+ Coverage 94.32% 94.44% +0.11%
===========================================
Files 184 185 +1
Lines 14550 14647 +97
===========================================
+ Hits 13725 13834 +109
+ Misses 825 813 -12
☔ View full report in Codecov by Sentry. |
Contributor
|
🎉 This change has been released in version 6.3.0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
10 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.